Monday, February 23, 2015

The incidence and scale of hacking (and other types of data security breaching) activity, multiplied by its accelerating level of sophistication has individuals and businesses in an ever-increasing state of fear.

With our dangerous growing dependency on the electronic storage and transmittal of information, as well as with the growing percentage of commerce and banking transacted online and via mobile devices, there is a rapidly rising risk of significant financial and personal (real, physical) loss. Of course, this increasing risk, both actual and perceived, will translate to increasing opportunity for certain entrepreneurs, enterprises and visionary investors.

I would suggest that two business-to-business industry sectors which will ripen to full bloom during the next two to three years [although I do not provide financial or investment advice to any reader/s under any circumstances] will be: 1) cyber security assessments, evaluations and standardized ratings*; and 2) insurance (i.e., insurance products and policy providers) against losses due to incidents involving hacking or other types of data security breaches.
____
* These standardized security ratings could be some variation on the theme of ISO (the International Organization For Standardization) 27001, or promulgated by some other body, either existing or to be created.
____

Start scanning and scouring the news and marketplaces for companies which are contemplating significant investments or forays into either one or both of the above industry sectors, and you will be looking at the future, albeit today.

Discovering and following significant trends across an extensive range of domestic and international consumer, business, demographic, cultural, economic, political, technological and other key areas of influence and impact on life and business; predicting future change, preparing for it and profiting from it.

As computer hackers become increasingly sophisticated and collaborative over their efforts year after year, encryption (no matter how sophisticated or complex) will not provide an adequate defense against various forms of data interception, database compromise, and computer security. Instead of predicting the future, I am going to propose that encryption protocols be augmented by the use of private codes. While codes and code books would seem to be things of the past, they should well be revisited as a means of beating cyber criminals who intend to unlawfully intercept and abuse or corrupt your data.

The combination of encryption and code in securing important emails is a practical application of this combination of technologies. But before going further, allow me to differentiate between codes and ciphers.

Codes, which require a code translation book (preferably not recorded on your business' computers), are word or phrase substitutions. They are used in police and military communications, Gregg Shorthand, and in conveying other sensitive types of data transmissions and critical communications. They are very effective at keeping interlopers unaware of the meaning of the message (even if intercepted) because the only persons who know what the encoded expressions mean are the sender and recipient of the data, each with his or her respective code book. For example, in a message, the expression "All Clear" can easily mean "There is an emergency situation. We have been compromised. Abort the mission." The more code used in a data transmission, the more difficult it becomes for an illicit interceptor to translate the meaning of the correspondence.

Ciphers, as related to encryption rely on formula or algorithms where letters, numbers or symbols are consistently or formulaically substituted by other letters, numbers or symbols. Regrettably, even the most complex algorithms (even compounded ones or temporally shifting ones) are ready targets for hackers. The hackers' work is to find the algorithm -- and there are far too many programs designed to do just that. Codes, if properly constructed and changed periodically, are far more difficult to break. Using a combination of both codes and encryption should be the best practice for electronic communications of private information, and I am optimistic that I have either inadvertently predicted the future or influenced it for the benefit of my readers, clients and colleagues.

Some resource links follow for your further research and reference regarding the brief discussion above:

Discovering and following significant trends across an extensive range of domestic and international consumer, business, demographic, cultural, economic, political, technological and other key areas of influence and impact on life and business; predicting future change, preparing for it and profiting from it.